Forgot Your WordPress Password?

We’ve all done it, set up a WordPress password for a user and then forgotten it. This isn’t a problem if your website is live and you can send emails form it. WordPress has a built in recovery mechanism, so you can simply click on the lost your password link from the WP login page, enter your email address that you have used for your account and wait until your new password is emailed to you. Once you get your new password you can then login and change it to something you can remember on your profile page.

If you have set up your website on your local server and it’s not possible to send emails you won’t be able to use the simple password recovery option above, don’t worry there is another way to gain access to your account, via your database.

You will need to login to your database, hopefully you haven’t forgotten the password to access this otherwise this is your first challenge.

Once you have access to your website database, find the wp_users table, click on this and you will see all the users registered on your website, the column that is of interest is user_pass, if you have lots of users registered make sure you are looking at the correct row.

In the user_pass you will see 32 characters jumbled up, for example ‘575bbfeef07ce3c765c1c1d7b831d28d’ that is your password, it’s been encrypted using the MD5 message-digest algorithm, not very useful in its current form but we can work with it.

There are now two options, you can either find some software that can decrypt the MD5 hash, not very likely and not worth the hassle, after all a password wouldn’t be safe it was that easy to crack. The second option is to generate a new MD5 hash password, there are a number of websites that offer this service but here’s one we have used, MD5 Hash Generator. Enter a new or temporary password to be encoded, then click the generate MD5 Hash button.

You will now be given a new MD5 hash, make note or copy this to your clipboard. If you go back to your database you will need to edit the row for the user who’s password you’ve forgotten. Replace the current 32 characters in the user_pass field with your new one. Once this is done, you should be able to login to your website using your username and new password.